create: join also the mount ns of the dependency

when we are creating a container that depends on another one, be sure we also join its mount namespace in addition to the user namespace. Closes: #2556 Signed-off-by: Giuseppe Scrivano <[email protected]>
containers · Mar 7, 2019 · 081291c · 081291c
1 parent 4a02713
commit 081291c
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
@@ -894,7 +894,16 @@ func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *l
 				}
 				return false, -1, errors.Errorf("dependency container %s is not running", ctr.ID())
 			}
-			return rootless.JoinNS(uint(pid), 0)
+
+			data, err := ioutil.ReadFile(ctr.Config().ConmonPidFile)
+			if err != nil {
+				return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", ctr.Config().ConmonPidFile)
+			}
+			conmonPid, err := strconv.Atoi(string(data))
+			if err != nil {
+				return false, -1, errors.Wrapf(err, "cannot parse PID %q", data)
+			}
+			return rootless.JoinDirectUserAndMountNS(uint(conmonPid))
 		}
 	}
 	return rootless.BecomeRootInUserNS()